
Automotive Supply Chain Best Practice Recommendation

OFTP2: List of Cipher suites


Version No: 1.0
Doc Ref No: OP09
Date: January 2015

Copyright Odette International Ltd

OFTP2: LIST OF CIPHER SUITES

DOC REF NO: OP08
VERSION NO.: 1.0
DATE: JANUARY 2015

PREFERRED TLS SECURITY FEATURES


TLS versions: 1.0, 1.1 and 1.2 are supported. If the server supports version 1.1 and/or 1.2, it should be able to negotiate the version down to the version the connecting client supports. This can be done via an automatic process or through manual configuration. All 3 versions are PFS capable; however, 1.2 is the preferred, more secure version.

Perfect Forward Secrecy (PFS): For security reasons, PFS is the recommended and preferred method of key exchange.

During the TLS handshake the client system offers the server a list of ciphers. It is strongly recommended to put the PFS ciphers at the top of this list. Typically, the contacted server will then select the first supported cipher, which is likely to be a PFS cipher. If the client offers an appropriate cipher only further down its list of supported ciphers, the server should still select a PFS cipher, independently of its position in the list.

The key exchange must be done via the Diffie-Hellman Ephemeral (DHE) algorithm to facilitate PFS.

Generally, ciphers used for TLS must be up to date. If a cipher has been declared broken, it should no longer be used for TLS: neither client nor server should offer or select it.
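The offer-ordering and selection rules above, modelled as an added example (not part of the Odette recommendation or of any TLS implementation). It assumes IANA suite names, treats ECDHE as PFS alongside DHE, and uses a constructed sample offer and a sample denylist of broken ciphers, since the recommendation does not name them.

```python
# Added example: models the cipher preference rules in plain Python.
PFS_PREFIXES = ("TLS_DHE_", "TLS_ECDHE_")  # ephemeral DH; ECDHE = elliptic-curve form
# Assumed sample denylist: the recommendation does not name the broken ciphers.
BROKEN_TOKENS = ("_RC4_", "_NULL_", "_EXPORT_")


def is_pfs(suite):
    return suite.startswith(PFS_PREFIXES)


def is_broken(suite, broken=BROKEN_TOKENS):
    return any(token in suite for token in broken)


def order_client_offer(suites, broken=BROKEN_TOKENS):
    """Client: never offer broken suites; list PFS suites first (stable sort)."""
    usable = [s for s in suites if not is_broken(s, broken)]
    return sorted(usable, key=lambda s: not is_pfs(s))


def select_suite(client_offer, server_supported, broken=BROKEN_TOKENS):
    """Server: choose a PFS suite wherever it sits in the client's list."""
    candidates = [s for s in client_offer
                  if s in server_supported and not is_broken(s, broken)]
    for suite in candidates:
        if is_pfs(suite):
            return suite
    # No shared PFS suite: fall back to the first shared non-broken suite,
    # or None so the handshake is refused rather than using a broken cipher.
    return candidates[0] if candidates else None


# Constructed sample data: a client that lists its PFS suites last.
CLIENT_OFFER = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]
SERVER_SUPPORTED = {
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
}

if __name__ == "__main__":
    print("client should offer:", order_client_offer(CLIENT_OFFER))
    print("server selects:", select_suite(CLIENT_OFFER, SERVER_SUPPORTED))
```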

LIST OF CIPHER SUITES IN THE OFTP2 PROTOCOL


01  3DES_EDE_CBC_3KEY  RSA_PKCS1_15  SHA-1
02  AES_256_CBC        RSA_PKCS1_15  SHA-1
03  3DES_EDE_CBC_3KEY  RSA_PKCS1_15  SHA-256
04  AES_256_CBC        RSA_PKCS1_15  SHA-256
05  3DES_EDE_CBC_3KEY  RSA_PKCS1_15  SHA-512
06  AES_256_CBC        RSA_PKCS1_15  SHA-512
